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REMARKS 

In response to the Office Action mailed September 7, 2007, Applicant respectfully 
requests reconsideration. Claims 1-26 were previously pending in this application. In this paper, 
claims 16-26 have been amended. As a result, claims 1-26 are pending for examination with 
claims 1, 11, 16 and 21 being independent claims. No new matter has been added. 

Rejections under 35 U.S.C. §101 
Claims 16-20 and 21-26 were rejected under 35 U.S.C. § 101 as allegedly being directed 
to non-statutory subject matter. Applicant respectfully disagrees. Nonetheless, for purposes 
only of expediting prosecution, Applicant has amended claims 16-26 to clarify that the claims 
are directed to a computer storage medium, which is statutory subject matter. Accordingly, 
withdrawal of the rejection of claims 16-26 under 35 U.S.C. §101 is respectfully requested. 

Rejections under 35 U.S.C. §112 

Independent claims 16 and 21 were rejected under 35 U.S.C. § 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claims 17-20 and claims 22-26, due to their dependencies on 
claims 16 and 21 respectively, were also rejected under 35 U.S.C. § 112. 

Applicant has amended claims 16 and 21 to address the rejection. Accordingly, 
withdrawal of the rejections of claims 16-26 under 35 U.S.C. § 112 is respectfully requested. 

Rejections Under 35 U.S.C. §102 

Claims 1-26 were rejected under 35 U.S.C. 102(e) as being allegedly anticipated by 
Goldberg et al., U.S. Published Patent Application No. 2004/0013112 (hereinafter Goldberg). 
Applicant respectfully disagrees. 

Goldberg is directed to a dynamic packet filtering scheme that utilizes session tracking in 
order to make decisions on whether to allow or deny a packet (page 1, <j[ 0001). In particular, 
Goldberg describes a dynamic filter for filtering an input packet stream comprising a session 
database, a session recognition model, a session management module, and a main filter module 
(page 2, 1 0015). 
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The session database stores session related data for a plurality of sessions, with each 
session being associated with a socket. The session recognition module searches this database 
for a session whose associated socket matches that of a received packet. The session 
management module is responsible for updating the database, including adding, deleting, and 
modifying sessions as needed. The main filter module tracks the connection state of the session 
corresponding to a received packet, checks it against a set of rules, and determines whether to 
allow or deny the packet (page 2, f 0015). 

The data that is stored in the record fields of the session database for each session 
includes a timestamp. (page 8, Table 2). This timestamp field is used to age a session. That is, 
"time is represented in 16 bits and stored as a time difference or delta in accordance with the 
particular protocol. Periodically, the CPU instructs the session management module to perform 
session aging whereby sessions that have aged out are closed" (page 9, f 0104). 

By contrast, claim 1 recites: 

A method for dynamically creating and maintaining a set of indices in a computer, 
wherein the indices identify a plurality of filters defining a network policy and wherein the 
indices are used by a firewall to identify a matching filter, comprising: 

creating a first index conforming to a first index type; 

identifying, in the first index, a first set of filters, each filter in the first set of filters 
specifying network packets subject to the network policy; 

maintaining statistics including a selected criteria and a corresponding value, wherein the 
value identifies a number of filters from the first set of filters meeting the selected criteria; 

determining that the corresponding value exceeds a threshold value; 

creating a second index conforming to a second index type; 

identifying, in the second index, a second set of filters, wherein the second set of filters 
are a subset of the first set of filters; and 

removing identification of the subset of filters from the first index. 
(Emphasis added). 

Goldberg's disclosure of a timestamp field and corresponding aging process does not 
teach or suggest "maintaining statistics including a selected criteria and a corresponding value, 
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wherein the value identifies a number of filters from the first set of filters meeting the selected 
criteria" and "determining that the corresponding value exceeds a threshold value." (Emphasis 
added). Nor does any other record field of Goldberg's session database (page 8, Table 2) contain 
such a value. 

In view of the foregoing, Goldberg fails to anticipate the claim. Accordingly, the 
rejection of claim 1 should be withdrawn. 

Each of claims 2-10 depends either directly or indirectly from claim 1. Accordingly, the 
dependent claims are allowable for at least the same reasons. 

Claim 16 recites: 

A computer storage medium having computer executable instructions for dynamically 
creating and maintaining a set of indices in a computer, wherein the indices identify a plurality of 
filters defining a network policy and wherein the indices are used by a firewall to identify a 
matching filter, comprising: 

creating a first index conforming to a first index type; 

identifying, in the first index, a first set of filters, each filter in the first set of filters 
specifying network packets subject to the network policy; 

maintaining statistics including a selected criteria and a corresponding value, wherein the 
value identifies a number of filters from the first set of filters meeting the selected criteria; 

determining that the corresponding value exceeds a threshold value; 

creating a second index conforming to a second index type; 

identifying, in the second index, a second set of filters, wherein the second set of filters 
are a subset of the first set of filters; and 

removing identification of the subset of filters from the first index. 
(Emphasis added). 

As discussed above, Goldberg does not teach or suggest "maintaining statistics including 
a selected criteria and a corresponding value, wherein the value identifies a number of filters 
from the first set of filters meeting the selected criteria" and "determining that the corresponding 
value exceeds a threshold value. " (Emphasis added). Accordingly, the rejection of claim 16 
should be withdrawn. 
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Each of claims 17-20 depends directly from claim 16. Accordingly, the dependent claims 
are allowable for at least the same reasons. 

Claim 11 recites: 

A method for creating a filter index used to identify a plurality of filters used with a 
network firewall, each filter of the plurality of filters including a set of filter conditions and a 
filter weight, each filter condition including an individual field weight, comprising: 

identifying an index type based upon the filter conditions of the plurality of filters; 

identifying a subset of filter conditions to include in the index based upon an average 
field weight calculated from the individual field weight; and 

selecting an order by which the subset of filter conditions are placed in the index. 

Goldberg fails to disclose or suggest each limitation of claim 11. Thus, Goldberg fails to 
anticipate the claim. In addition, the Office Action presented no analysis of how claim 11 
allegedly reads on Goldberg. In fact, it appears that the Office Action, although mentioning 
claim 11, is completely devoid of any discussion of claim 11 in connection with Goldberg. 
Accordingly, the rejection of claim 11 should be withdrawn. 

Each of claims 12-15 depends either directly or indirectly from claim 11. Accordingly, 
the dependent claims are allowable for at least the same reasons. 

Claim 21 recites: 

A computer storage medium having computer executable instructions for creating a filter 
index used to identify a plurality of filters used with a network firewall, each filter of the 
plurality of filters including a set of filter conditions and a filter weight, each filter condition 
including an individual field weight, comprising: 

identifying an index type based upon the filter conditions of the plurality of filters; 

identifying a subset of filter conditions to include in the index based upon an average 
field weight calculated from the individual field weight; and 

selecting an order by which the subset of filter conditions are placed in the index. 
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Goldberg fails to disclose or suggest each limitation of claim 21. Thus, Goldberg fails to 
anticipate the claim. In addition, the Office Action presented no analysis of how claim 21 
allegedly reads on Goldberg. In fact, it appears that the Office Action, although mentioning 
claim 21, is completely devoid of any discussion of claim 21 in connection with Goldberg. 
Accordingly, the rejection of claim 21 should be withdrawn. 

Each of claims 22-26 depends either directly or indirectly from claim 21. Accordingly, 
the dependent claims are allowable for at least the same reasons. 

General Comments on Dependent Claims 
Since each of the dependent claims depends from a base claim that is believed to be in 
condition for allowance, Applicant believes that it is unnecessary at this time to argue the 
allowability of each of the dependent claims individually. Applicant does not, however, 
necessarily concur with the interpretation of the dependent claims as set forth in the Office 
Action, nor does Applicant concur that the basis for the rejection of any of the dependent claims 
is proper. Therefore, Applicant reserves the right to specifically address the patentability of the 
dependent claims in the future, if deemed necessary. 
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CONCLUSION 

A Notice of Allowance is respectfully requested. The Examiner is requested to call the 
undersigned at the telephone number listed below if this communication does not place the case 
in condition for allowance. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicant hereby requests any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, that is not covered by an enclosed 
check, please charge any deficiency to Deposit Account No. 23/2825. 

Dated: December 7, 2007 Respectfully submitted, 



By: /James H. Morris/ 

James H. Moms, Reg. No. 34,681 
Wolf, Greenfield & Sacks, P.C. 
600 Atlantic Avenue 
Boston, Massachusetts 02210-2206 
Telephone: (617) 646-8000 



